Version: 6.3

AWS VPC FLow Logs

Overview

The Unified Flow Collector can collect AWS VPC Flow Logs which are stored in S3. All fields are supported from VPC Flow Log versions 2 thru 5.

EF_AWS_VPC_FLOW_LOG_ENABLE

Valid Values
- true, false
Default
- false

EF_AWS_VPC_FLOW_LOG_S3_BUCKET

The S3 bucket from which to fetch AWS VPC Flow Logs.

Default
- ''

EF_AWS_VPC_FLOW_LOG_PREFIX

Default
- AWSLogs

EF_AWS_VPC_FLOW_LOG_POOL_SIZE

Specifies the number of concurrent workers to start. Increasing the number of workers will allow the collector to better handle a processing vpc flow logs in s3.

Default
- number of license units

EF_AWS_VPC_FLOW_LOG_TLS_ENABLE

This setting is used to enable/disable TLS connections to AWS S3.

Valid Values
- true, false
Default
- false

EF_AWS_VPC_FLOW_LOG_TLS_SKIP_VERIFICATION

This setting is used to enable/disable TLS verification of the AWS S3 endpoint to which the input is attempting to connect.

Valid Values
- true, false
Default
- false

EF_AWS_VPC_FLOW_LOG_TLS_CA_CERT_FILEPATH

The path to the Certificate Authority (CA) certificate to use for verification of the AWS S3 endpoint to which the input is attempting to connect.

Default
- ''

EF_AWS_VPC_FLOW_LOG_TLS_MIN_VERSION

This setting is used to set the TLS minimum version

Valid Values
- 1.2, 1.3
Default
- 1.2

AWS_REGION

The AWS SDK compatible environment variable that specifies the AWS Region to send the request to.

AWS_ACCESS_KEY_ID

Specifies an AWS access key associated with an IAM user or role.

AWS_SECRET_ACCESS_KEY

Specifies the secret key associated with the access key. This is essentially the "password" for the access key.

Overview​

EF_AWS_VPC_FLOW_LOG_ENABLE​

EF_AWS_VPC_FLOW_LOG_S3_BUCKET​

EF_AWS_VPC_FLOW_LOG_PREFIX​

EF_AWS_VPC_FLOW_LOG_POOL_SIZE​

EF_AWS_VPC_FLOW_LOG_TLS_ENABLE​

EF_AWS_VPC_FLOW_LOG_TLS_SKIP_VERIFICATION​

EF_AWS_VPC_FLOW_LOG_TLS_CA_CERT_FILEPATH​

EF_AWS_VPC_FLOW_LOG_TLS_MIN_VERSION​

AWS_REGION​

AWS_ACCESS_KEY_ID​

AWS_SECRET_ACCESS_KEY​